Strategy: Analyzing Vulnerabilities In Business-Critical Applications

John Sawyer, 06/02/13

Vulnerability scanning and patch management are a day-to-day aspect of enterprise security. Ironically, however, many enterprises shy away from scanning or patching their most crucial business-critical applications and servers because they are afraid that such scans or patching might interrupt mission-critical business operations. Or they perform the scanning and testing of their important applications prior to deployment into production and never bother to reassess them once they’re live and in use.

The fact is, malicious attackers have no qualms about scanning and probing those very same sensitive applications and servers — whether you like it or not. The question, of course, is how do security teams perform vulnerability scans and patch those ever-important systems at the heart of their organizations’ business processes? And how can security work closely with operations while trying to convince the owners of those systems that these actions can be performed with little to no impact?

These are questions that have plagued security practitioners for decades, and the difficulties associated with them are not getting any easier as the threat of compromise increases. Each month, we see more and more exploits being added to penetration testing tools like Metasploit for critical business systems such as SAP and Oracle. The bad guys are getting new weapons, which only fuels security teams’ desires to get these systems patched immediately. In this Dark Reading report, we recommend how security pros can work with the business side to strike a workable balance between the security and the efficacy of mission-critical systems and services. (S7070613)